write-concept

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
      1. Ingestion points: Step 2 performs WebSearch for curriculum documents.
      2. Boundary markers: Absent.
      3. Capability inventory: Steps 4 and 5 perform file writes to content and translation files; Step 6 executes shell commands.
      4. Sanitization: Absent.
    Malicious external content could influence the agent to write backdoors or manipulate code.
  • [COMMAND_EXECUTION] (MEDIUM): Step 6 executes 'bun run check:concepts {subject}/{concept-id}'. Because {subject} and {concept-id} are derived from potentially untrusted research data, an attacker could manipulate them to inject unauthorized commands or flags.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:45 PM